Archive for June, 2010

Fuzzing Negative Software Testing Videos


Videos on Fuzzing

Fuzzing 101

Mike Zusman explains fuzz testing, a special type of negative software testing.

Fuzzing 102

Exploitation Videos from Dino Dai Zovi


Found interesting videos on exploitation

Dino Dai Zovi’s Memory Corruption 101

Basic debugging for exploit development

Exploitation 102

Exploit mitigations, shellcoding, and Metasploit with Dino Dai Zovi.

Update, Jailbreak & SSH to iPod Touch 2G


Today one of my office friends bought an iPod Touch 2G 8 GB. It was quite good, but it was using an old firmware version. As the latest 4.0 has been released, I finally planned to update to the latest version. Using the latest iTunes application I was able to update to OS 4.0, which took 20 minutes.
Now the new firmware looks very nice, but I can't mess with most things, like installing custom tools. By using the guide I was able to jailbreak and have access to Cydia; it is a replacement packaging and repository manager for the original for the iPhone or iPod touch. Once I followed the above guide I was able to jailbreak the iPod touch with the latest firmware and had access to Cydia. My next plan is to use Cydia packages to install SSH on the iPod touch so that I can SSH to the device and install and configure the applications. Finally I was able to SSH to the iPod touch from my Ubuntu desktop; see the screenshot below. The main objective of the above task was to use the iPod touch as a mobile penetration testing device. Next I will try to post on how to install tools like Metasploit, nmap and other security tools.


Reverse Engineering for Vulnerability Analysis Videos


Reverse Engineering for Vulnerability Analysis with Aaron Portnoy and Peter Silberman.

Reverse Engineering 101

Reverse Engineering 102 part 1

Reverse Engineering 102 part 2

Source Code Auditing Videos


I was searching for more details on source code auditing and found wonderful videos by Brandon Edwards.

Introduction to Source Code Auditing by Brandon Edwards, Senior Security Researcher at McAfee.

Code Audits 101

Code Audits 102

Learning Penetration Testing skills in Today’s Chaotic World

In my previous post I was talking about vulnerable web applications for beginners. Today we will see how we can learn penetration testing skills in today’s chaotic world. Below are a few hacking and vulnerable labs/live CDs to test your penetration testing skills.


Netwars is the ultimate online game: an adventure across the Internet. You can play as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players’ scores and your own points scored, live, or on an overall scoreboard.


The OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.


LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP and MySQL security.

4) De-ICE live CDs

Intended to provide legal targets on which to practice and learn PenTest skills, these LiveCDs are real servers that contain real-world challenges. Designed by professional penetration testers, each disk provides a learning opportunity to explore the world of penetration testing.
Register and download these Live CDs from


p0wnlabs is your place to hack, experiment and learn by doing.

Join up and you get access to online hacking challenges, exercises and virtual lab environments stocked with hacking challenges for your mind:

  • Map a system
  • Find its vulnerabilities
  • 0wn it
  • Try out new hacking tools
  • Learn new hacking tricks
  • Hone your skills
Important: don't try these Live CDs in production environments; make sure you try them out in VMware. If you know any other Live CDs or projects, please comment and I will update the post.

WATOBO Web Application Toolbox

Today I was looking for good open source web application assessment tools and came across this tool, WATOBO. It is a graphical interface which runs on Ruby, very impressive with fewer false positives, and it works on Windows only.

The most important advantages are:

* WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
* WATOBO can perform vulnerability checks out of the box.
* WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
* WATOBO is written in (FX)Ruby and enables you to define your own checks.
* WATOBO is free software (licensed under the GNU General Public License Version 2).

Check the project details here


Detecting Web application firewall during Pentesting

WAF detection has always been overlooked by penetration testers while testing web applications. Most web applications are protected by an application firewall, and it is not so easy to find which firewall is in use. Here comes a tool, “WAFW00F”, which can fingerprint 20 WAF products; this helps a pentester to find and analyse the web application.

WAFW00F allows you to fingerprint WAF products protecting a website. The tool as of now can fingerprint 20 WAF products. How can it do that? Possibly, it is looking at the following:

* Cookies – Some WAF products add their own cookie in the HTTP communication.

* Server Cloaking – Altering URLs and Response Headers.

* Response Codes – Different error codes for hostile pages/parameters values.

* Drop Action – Sending a FIN/RST packet. This can also be a false positive for an IDS/IPS.

* Pre Built-In Rules – Each WAF has different negative security signatures. A study is done of all of these WAF products.
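
The first four signals in this list can be observed by comparing the response to an ordinary request with the response to a request the WAF objected to. The sketch below is an added example, not WAFW00F's code; the response dictionaries, header values and the cookie name `example_waf_id` are constructed for illustration.

```python
# Added illustration: compare a baseline response with the response to a
# request the WAF flagged, and report which of the listed signals differ.
# The sample responses are constructed, not captured from a real product.

def cookie_names(headers):
    """Names of cookies set by a response; headers is a list of (name, value)."""
    return {v.split("=", 1)[0].strip()
            for k, v in headers if k.lower() == "set-cookie"}

def header_value(headers, name):
    """First value of a header, matched case-insensitively, or None."""
    for k, v in headers:
        if k.lower() == name.lower():
            return v
    return None

def waf_signals(baseline, flagged):
    """Return the signals on which the flagged response differs from baseline.

    flagged is None when the connection was reset or closed (drop action);
    as the list notes, an IDS/IPS can cause the same behaviour.
    """
    if flagged is None:
        return ["drop-action"]
    signals = []
    extra = cookie_names(flagged["headers"]) - cookie_names(baseline["headers"])
    if extra:                                   # cookie added by a middlebox
        signals.append("cookies:" + ",".join(sorted(extra)))
    if (header_value(flagged["headers"], "Server")
            != header_value(baseline["headers"], "Server")):
        signals.append("server-cloaking")       # response headers were altered
    if flagged["status"] != baseline["status"]:
        signals.append("response-code:%d" % flagged["status"])
    return signals

# Constructed sample data.
BASELINE = {"status": 200,
            "headers": [("Server", "Apache"),
                        ("Set-Cookie", "PHPSESSID=abc; path=/")]}
FLAGGED = {"status": 501,
           "headers": [("Server", "gateway"),
                       ("Set-Cookie", "PHPSESSID=abc; path=/"),
                       ("Set-Cookie", "example_waf_id=1; path=/")]}

if __name__ == "__main__":
    print(waf_signals(BASELINE, FLAGGED))
    print(waf_signals(BASELINE, None))
```

Running the same comparison against your own deployment shows which of these signals your WAF exposes to anyone who looks.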

Below is the test conducted on ModSecurity, an open source firewall:

1) punter@rtfm:~$svn checkout waffit – Revision 11: /trunk waffit-read-only
2) punter@rtfm:~$cd to that downloaded directory cd /pentest/web/waffit-read-only#
3) punter@rtfm:~$python–>

punter@rtfm:~$ python
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.’ \ / __////7/ /,’ \ ,’ \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,’/_n_//_/ |_n_,’ \_,’ \_,’/_/

WAFW00F – Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

The site is behind a ModSecurity
Number of requests: 5

Vulnerable Web Applications To learn Web Application Testing Skills


I have often seen that beginners who pursue their career in application security always have less hands-on experience in testing web applications. The links below would help them to learn and improve their skills in application security testing.

Vulnerable Web Applications

1) Jarlsberg App

2) OWASP Broken Web Applications project
Intentionally Vulnerable Applications:
•OWASP WebGoat version 5.3-SNAPSHOT (Java)
•OWASP Vicnum version 1.4 (PHP/Perl)
•Mutillidae version 1.3 (PHP)
•Damn Vulnerable Web Application version 1.06 (PHP)
•Ghost (PHP)
•Peruggia version 1.2 (PHP)
•OWASP CSRFGuard Test Application version 2.2 (Java)
•OWASP AppSensor Demo Application (Java)
•Mandiant Struts Forms (Java/Struts)
•Simple ASP.NET Forms (ASP.NET/C#)
•Simple Form with DOM Cross Site Scripting (HTML/JavaScript)

Old Versions of Real Applications:
•WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from
•phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from
•Yazd version 1.0 (Java, released February 20, 2002)

3) Web Security Dojo

Targets include:

•OWASP’s WebGoat
•Damn Vulnerable Web App
•Hacme Casino
•OWASP InsecureWebApp
•simple training targets by Maven Security (including REST and JSON)

•Burp Suite (free version)
•OWASP Skavenger
•OWASP Dirbuster
•helpful Firefox add-ons

4)SPI Dynamics (live) –

5)Cenzic (live) –

6)Watchfire (live) –

7)Acunetix (live) –

8)PCTechtips Challenge (live) –

9)The Butterfly Security Project –

10)Hacme Casino –

11)Hacme Bank 2.0 –

12)Updated HackmeBank –

14)Hacme Books –

15)Hacme Travel –

16)Hacme Shipping –

17)OWASP SiteGenerator –

18)Moth –

19)Stanford SecuriBench –

20)SecuriBench Micro –

21)BadStore –

22)WebMaven/Buggy Bank –
